action abstraction

One of the most serious threats to cyberspace is malware, with multiple actors and diverse targets. In malware analysis systems, the extent of malware and countermeasures actions, evaluating the actions of actors, and extracting the effective actions of actors are important challenges. In this paper, a four-layer framework for extracting the effective actions of malware actors with a game theory approach is presented. In the first layer, based on environmental evidence, the actions of the attacker and the defender and their parameters were defined and determined; in the second layer, the activities of the actors based on abstraction techniques were extracted based on actions. In the third and fourth layers based on game theory, the activities of the actors were modeled and analyzed in a Scenario-centric approach. The effective options of the actors and the optimal equilibrium states of the games were extracted based on 13 defined measures. The proposed framework was modeled and evaluated based on a case study involving 12 offensive and 12 defensive activities in three games; the activities of the actors are extracted from their actions. The results showed that the effective activities of the attacker and the defender are 3 and 2 activities, respectively, and the participation rate of these activities in the basic and optimal equilibrium states was 83% and 100%, respectively.Rreducing the game space, evaluating actions, and extracting effective actions and optimal equilibrium states of the actors are some of the benefits of the proposed framework.